Risk management

The Mediobanca group stands apart for its prudent and selective approach to risk management, its excellent asset quality and high capitalization, with an ample buffer that surpasses minimum capital requirements and is one of the best in the Italian and European banking industry.

To manage the implicit uncertainty that characterizes the banking and financial industry, we have established a body of rules, procedures and organizational units to:

• safeguard the integrity of the bank’s assets to the direct benefit of shareholders, customers and employees;
• support the preparation and implementation of business strategies;
• drive long-lasting, sustainable growth for the bank and returns for shareholders;
• structure effective and reliable processes and procedures.

The group’s Risk Management function collaborates in the definition and implementation of the risk appetite framework (RAF) and the related risk governance policies through an adequate risk management process. It plays a key role in risk management strategies and decisions, the assessment of extraordinary transactions and the identification, measurement, assessment, management, mitigation, monitoring and reporting of risks and in the event of unauthorized exposures.

In particular, it is responsible for identifying and initiating an efficient risk management process and for its deployment within the group. To this end, it oversees the functioning of the bank’s and the group’s risk control system, defining the appropriate measurement methods for all current and potential risks. Group Risk Management ensures constant control over the group’s and each of its units’ overall exposure to credit, financial, operational and other material risks in compliance with the limits established by internal rules and supervisory regulations.

Group Risk Management provides the subsidiaries with risk management guidelines to ensure governance of exposure to these risks throughout the entire group.

In the performance of its control functions, the Group Chief Risk Officer is responsible for identifying and initiating an effective risk management process through the development of risk management policies that include the definition and quantification of the risk appetite and the policies and risk limits of each operating unit and the group as a whole, with the support of the subsidiaries’ risk management departments, which, to this end, report to the Group Chief Risk Officer.

Within the risk appetite framework, Group Risk Management periodically conducts a series of internal tests to measure the current level of indicators compared to the RAF thresholds. It also expresses advance opinions on whether the most significant transactions are consistent with the risk appetite framework, identifying any decision escalation needs. If necessary, depending on the nature of the transaction, it acquires the opinions of the other functions involved in the risk management process.

The Group Chief Risk Officer participates in the Risk Committee’s meetings, supporting it in its controls. Each year, GRM submits a report to the Risk Committee, the Board of Directors and the Board of Statutory Auditors on the activities performed, with an assessment of the risk profile and the adequacy of the group’s risk management measures. Each quarter, it reports on integrated risk monitoring, the RAF and the recovery plan.

Risk Management is involved in decisions about entering new markets, the bank’s products and extraordinary transactions in order to assess the impacts of assuming new risks. It is also responsible for the group’s stress testing process and execution.

Group Risk Management reports directly to the CEO. Group Risk Management functionally reports to the Risk Committee.

Other company functions

Risk Management continuously interacts with the governing bodies and other operating units, particularly Audit and Compliance.

Asset Liability Management (ALM) and Liquidity plays a key role in this context, as it oversees the forward-looking monitoring of interest income and the group’s cash position through reporting to the ALM Committee. In particular, the ALM and Liquidity function:

• monitors the group’s ALM position;
• estimates interest income and the sensitivity indicators of portfolios;
• oversees compliance with the liquidity policy and related contingency funding plan (in coordination with Risk Management);
• measures liquidity indicators and monitors that they remain within the limits, by preparing the defined reports.

As part of the parent company’s risk governance, specific tasks within the risk assumption, management, measurement and control processes are assigned to specific steering committees. In particular:

• Group Risks Management Committee (GRMC), with the following duties: i) preliminary analysis of all proposed resolutions on risk issues for which the Board of Directors has responsibility (excluding conduct risk), ii) addressing and monitoring all risks at Group level, including credit, market, non-financial (excluding conduct risk), liquidity and interest rate risk, including prior analysis of new business lines. The Committee also approves the structure for addressing and managing model risk and valuation risk; it is responsible for assessing the action plan in crisis situations as provided by the Recovery Plan; and directs the assumption, modelling and management of ESG risks (with the exception of greenwashing);
• Credit and Market Committee (CMC) for the assumption of credit risk, counterparty risk, and market risk in accordance with the limits set in the RAS and the guidelines laid down by the GRMC;
• Group ALM Committee for approval of the funding plan, monitoring of the policy for assuming and managing ALM risks at Group level (treasury and funding) and approval of the methodologies for determining the internal rate of transfer;
• Group Non-Financial Risks Committee, with duties of identifying, addressing, monitoring and mitigating non-financial risks at Group level, including IT, fraud, outsourcing, legal, tax and other non-financial risks (excluding conduct risk);
• Investments Committee, with powers of approval for the investments referred to under Article 18 of the Articles of Association and for other shares and holdings in funds and for the banking book in general (not including shares in companies forming part of the Mediobanca Group);
• New Operations Committee, for prior assessment of new activities and approval of entry to new sectors, new banking and financial products, and the related pricing models, and for fair value calculation methodologies;
• Group Wealth Investment Committee, for defining market views at Group level based on analysis of the economic situation for relevant markets/countries and monitoring their track record;
• Private & Premier Investments Committee, for defining the strategic and tactical asset allocation, and for selecting the investment houses, funds and other financial instruments and monitoring the investment services and the powers delegated in order for such services to be performed;
• Conduct Committee, for the administration, governance and approval of conduct risks (compliance, money laundering and terrorism financing, and greenwashing) for both Mediobanca and the Group.

The risk management process

The chart illustrates the risk management process for which the Chief Risk Officer is responsible. Group Risk Management provides operational guidelines for the group’s and the parent bank’s operations and projects and coordinates relationships with the supervisors.